In today's fast-paced digital world, staying on top of software vulnerabilities is critical for developers, security professionals, and organizations alike. The vuln-checker tool, available on PyPI, is a powerful command-line interface (CLI) utility designed to simplify the process of identifying Common Vulnerabilities and Exposures (CVEs) using the National Vulnerability Database (NVD) API. Whether you're auditing a single product or processing a batch of software components, vuln-checker offers a streamlined, flexible, and feature-rich solution for vulnerability management.
What is vuln-checker?
vuln-checker is an open-source Python-based CLI tool that enables users to query the NVD API for CVEs based on product names and versions (using Common Platform Enumeration, or CPE, lookup). Developed by Sai Krishna Meda and licensed under the MIT License, this tool is designed to be both user-friendly and powerful, catering to security analysts, DevOps teams, and developers who need to ensure their software stack is secure.
With version 0.5.2 available as of September 2025, vuln-checker supports a variety of use cases, from interactive CVE searches to batch processing and customizable reporting. Its lightweight design and easy installation make it an excellent addition to any security toolkit.
Key Features
Here's why vuln-checker stands out:
- Interactive CPE Resolution: When multiple CPE matches are found for a product, vuln-checker provides an interactive mode to help you select the correct one, ensuring accurate results.
- Severity Filtering: Narrow down CVEs by severity levels (LOW, MEDIUM, HIGH, CRITICAL) to focus on the most pressing vulnerabilities.
- Flexible Output Formats: Export results in JSON, CSV, or HTML, complete with clickable hyperlinks for CVE IDs to dive deeper into vulnerability details.
- Batch Processing: Process multiple products and versions via command-line input or CSV files, perfect for auditing large software inventories.
- NVD API Integration: Requires an NVD API key for enhanced access, with built-in pagination to retrieve comprehensive CVE data while respecting rate limits.
- Version and Upgrade Commands: Easily check the installed version with vuln-checker --version or upgrade to the latest release with vuln-checker --upgrade.
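The two features that do the heavy lifting here are NVD pagination with rate limiting and severity filtering. The following Python script is an added illustration of how such a loop is typically built; it is not vuln-checker's own code, and the endpoint, query parameters, header name and response layout it assumes are the public NVD CVE API 2.0 as the example's author understands it (cves/2.0 with cpeName, startIndex and resultsPerPage, the key in an apiKey header, and a body carrying totalResults plus a vulnerabilities list). The sample pages, CPE string and CVE identifiers are constructed so the script runs offline; the `fetch` parameter lets a real HTTP call be swapped in. It also covers the severity filter shown later under Usage Examples.

```python
"""Page through the NVD CVE API 2.0 for one CPE and keep only chosen severities.

Added example (not vuln-checker's own code). The endpoint, parameters and
response shape are assumptions about the NVD CVE API 2.0, not copied from
the tool: GET /rest/json/cves/2.0?cpeName=...&startIndex=N&resultsPerPage=M,
API key in an "apiKey" header, JSON body with "totalResults" and a
"vulnerabilities" list.
"""
import json
import time
import urllib.parse
import urllib.request

NVD_CVES_URL = "https://services.nvd.nist.gov/rest/json/cves/2.0"
VALID_SEVERITIES = {"LOW", "MEDIUM", "HIGH", "CRITICAL"}


def http_fetch(api_key, params, timeout=30):
    """Real network fetch: GET the NVD endpoint and return the decoded JSON body."""
    url = NVD_CVES_URL + "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"apiKey": api_key})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


def severity_of(vuln):
    """Return the CVSS v3.1 base severity of one NVD record, or None if absent.

    Assumed path: cve.metrics.cvssMetricV31[*].cvssData.baseSeverity.
    """
    metrics = vuln.get("cve", {}).get("metrics", {}).get("cvssMetricV31", [])
    for entry in metrics:
        sev = entry.get("cvssData", {}).get("baseSeverity")
        if sev:
            return sev.upper()
    return None


def fetch_all_cves(cpe_name, api_key, fetch=http_fetch, page_size=2000, delay=0.5):
    """Walk every page for a CPE, sleeping `delay` seconds between requests."""
    results = []
    start = 0
    while True:
        page = fetch(api_key, {"cpeName": cpe_name,
                               "startIndex": start,
                               "resultsPerPage": page_size})
        got = page.get("vulnerabilities", [])
        if not got:                       # empty page: nothing more to read
            break
        results.extend(got)
        start += len(got)                 # advance by what we actually received
        if start >= page.get("totalResults", 0):
            break
        time.sleep(delay)                 # stay under the NVD rate limit
    return results


def filter_by_severity(vulns, wanted):
    """Keep records whose CVSS v3.1 severity is in `wanted` (case-insensitive)."""
    wanted = {w.strip().upper() for w in wanted}
    unknown = wanted - VALID_SEVERITIES
    if unknown:
        raise ValueError(f"unknown severity level(s): {sorted(unknown)}")
    return [v for v in vulns if severity_of(v) in wanted]


# Constructed sample: two pages totalling three records in the assumed shape.
# The CVE IDs are placeholders, not real advisories.
SAMPLE_PAGES = [
    {"resultsPerPage": 2, "startIndex": 0, "totalResults": 3, "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0001", "metrics": {"cvssMetricV31": [
            {"cvssData": {"baseScore": 9.8, "baseSeverity": "CRITICAL"}}]}}},
        {"cve": {"id": "CVE-0000-0002", "metrics": {"cvssMetricV31": [
            {"cvssData": {"baseScore": 5.3, "baseSeverity": "MEDIUM"}}]}}},
    ]},
    {"resultsPerPage": 1, "startIndex": 2, "totalResults": 3, "vulnerabilities": [
        {"cve": {"id": "CVE-0000-0003", "metrics": {}}},   # no v3.1 score
    ]},
]


def stub_fetch(api_key, params):
    """Offline stand-in for http_fetch: serve SAMPLE_PAGES by startIndex."""
    return SAMPLE_PAGES[0] if params["startIndex"] == 0 else SAMPLE_PAGES[1]


def demo():
    """Run the pipeline offline; return IDs that survive a HIGH/CRITICAL filter."""
    # Constructed CPE string for illustration only.
    vulns = fetch_all_cves("cpe:2.3:a:example:example:1.0:*:*:*:*:*:*:*",
                           "dummy-key", fetch=stub_fetch, page_size=2, delay=0)
    kept = filter_by_severity(vulns, ["critical", "high"])
    return [v["cve"]["id"] for v in kept]


if __name__ == "__main__":
    print(demo())
```

Two details worth noting: the loop advances by the number of records actually returned rather than by the requested page size, so a short final page or an empty response cannot send it into an endless loop, and records without a CVSS v3.1 score (such as very recent or rejected entries) simply fail every severity filter rather than raising.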
Getting Started with vuln-checker
Installation
Installing vuln-checker is straightforward. You can install it via pip:
pip install vuln-checker
Alternatively, you can clone the repository from GitHub and install it manually:
git clone https://github.com/skm248/vuln-checker.git
cd vuln-checker
pip install -r requirements.txt
pip install .
Setting Up the NVD API Key
To use vuln-checker, you'll need an NVD API key, which can be obtained from the NVD website. Once you have your key, set it as an environment variable (NVD_API_KEY) based on your operating system:
- Windows (Command Prompt):
set NVD_API_KEY=your_actual_api_key
- Windows (PowerShell):
$env:NVD_API_KEY = "your_actual_api_key"
- Linux/macOS:
export NVD_API_KEY=your_actual_api_key
For persistent setup across sessions, refer to the detailed instructions in the PyPI documentation.
Usage Examples
vuln-checker is highly versatile, supporting various workflows. Here are a few examples:
1. Single Product Search:
vuln-checker --products "jquery:1.11.3,1.11.5 lodash:3.5.0" --format html --output custom_report.html
This command fetches CVEs for jQuery versions 1.11.3 and 1.11.5, as well as Lodash version 3.5.0, and saves the results as an HTML report.
2. Batch Processing with CSV: Create a products.csv file with the following format:
product,versions
jquery,1.11.3,1.11.5
lodash,3.5.0
Then run:
vuln-checker --input-csv products.csv --format csv --output output.csv
This processes all product/version pairs in the CSV and outputs the results to a CSV file.
3. Filtering by Severity:
vuln-checker --products "jquery:1.11.3,1.11.5" --severity critical,high --format json --output output.json
This filters CVEs to include only those with HIGH or CRITICAL severity, saving the results in JSON format.
4. Checking Tool Version:
vuln-checker --version
Displays the current installed version (e.g., 0.5.2).
5. Upgrading to the Latest Version:
vuln-checker --upgrade --yes
Automatically upgrades to the latest version from PyPI without prompting for confirmation.
Why Use vuln-checker?
- Ease of Use: The CLI interface is intuitive, with clear command-line options and interactive prompts for ambiguous CPE matches.
- Customizable Outputs: Whether you need a quick JSON dump for automation or a polished HTML report for stakeholders, vuln-checker has you covered.
- Scalability: Batch processing and CSV input make it ideal for large-scale vulnerability assessments.
- Open-Source and Free: Licensed under MIT, vuln-checker is free to use, modify, and distribute, with an active GitHub community at skm248/vuln-checker.
Limitations and Notes
- An NVD API key is required for full functionality, and rate limits apply (handled gracefully with a 0.5-second delay between requests).
- You must provide either --input-csv or --products, but not both.
- Hyperlinks in CSV outputs are formatted as Excel-compatible =HYPERLINK formulas, enhancing usability in spreadsheets.
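To make the input and output conventions concrete, here is an added Python example (not vuln-checker's own code) that parses the two input forms shown under Usage Examples ("name:v1,v2 name2:v3" on the command line, and a CSV whose first column is the product followed by one or more version columns), enforces the rule that exactly one of --products or --input-csv is given, and writes a CSV report whose CVE column is an Excel =HYPERLINK formula. The NVD detail URL prefix, the function names and the sample rows are this example's own assumptions; the CVE ID in the sample is a placeholder.

```python
"""Parse vuln-checker style inputs and write a CSV report with Excel hyperlinks.

Added example, not vuln-checker's own code. Function names, the report
columns and the NVD detail URL prefix are assumptions made for illustration.
"""
import csv
import io

NVD_DETAIL_URL = "https://nvd.nist.gov/vuln/detail/"   # assumed link target


def parse_products_arg(spec):
    """'jquery:1.11.3,1.11.5 lodash:3.5.0' -> [(product, version), ...]."""
    pairs = []
    for token in spec.split():
        if ":" not in token:
            raise ValueError(f"expected product:versions, got {token!r}")
        product, versions = token.split(":", 1)
        product = product.strip()
        for version in versions.split(","):
            if product and version.strip():
                pairs.append((product, version.strip()))
    return pairs


def parse_products_csv(text):
    """Rows 'product,v1,v2,...' under a 'product,versions' header -> pairs."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if not header or header[0].strip().lower() != "product":
        raise ValueError("first row must be the 'product,versions' header")
    pairs = []
    for row in reader:
        if not row or not row[0].strip():
            continue                       # skip blank lines
        product = row[0].strip()
        for version in row[1:]:            # any number of version columns
            if version.strip():
                pairs.append((product, version.strip()))
    return pairs


def resolve_inputs(products_arg=None, csv_text=None):
    """Apply the one-of-two rule and return the (product, version) list."""
    if bool(products_arg) == bool(csv_text):
        raise ValueError("provide exactly one of --products or --input-csv")
    if products_arg:
        return parse_products_arg(products_arg)
    return parse_products_csv(csv_text)


def hyperlink_cell(cve_id):
    """Excel formula that opens the NVD detail page and displays the CVE ID."""
    return f'=HYPERLINK("{NVD_DETAIL_URL}{cve_id}","{cve_id}")'


def safe_cell(value):
    """Keep a plain text cell from being read as a formula by a spreadsheet.

    Only the generated HYPERLINK cell is meant to start with '='; any other
    field that came from external data (a CVE description, for instance) gets
    a leading apostrophe if it begins with a formula trigger character.
    """
    value = str(value)
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value


def write_csv_report(rows):
    """rows: iterable of (product, version, cve_id, severity, description).

    Returns the CSV text; csv.writer doubles the inner quotes of the formula
    cell, which is the quoting Excel expects.
    """
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(["product", "version", "cve_id", "severity", "description"])
    for product, version, cve_id, severity, description in rows:
        writer.writerow([safe_cell(product), safe_cell(version),
                         hyperlink_cell(cve_id),
                         safe_cell(severity), safe_cell(description)])
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample inputs matching the formats shown in the post.
    print(resolve_inputs(products_arg="jquery:1.11.3,1.11.5 lodash:3.5.0"))
    print(resolve_inputs(csv_text="product,versions\njquery,1.11.3,1.11.5\nlodash,3.5.0\n"))
    print(write_csv_report([("jquery", "1.11.3", "CVE-0000-0001", "HIGH",
                             "constructed description")]))
```

Because the products.csv rows carry a variable number of version columns, the parser reads the first column as the product and every remaining non-empty column as a version rather than relying on a fixed header width. In the report, only the deliberately generated HYPERLINK cell is allowed to begin with "="; every other field is passed through safe_cell so text copied from an advisory cannot be interpreted as a formula when the CSV is opened in a spreadsheet.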
Conclusion
Vuln-checker is a must-have tool for anyone responsible for securing software systems. Its combination of flexibility, ease of use, and robust features makes it an excellent choice for identifying and managing vulnerabilities. Whether you're a solo developer checking a single library or a security team auditing an entire software stack, vuln-checker simplifies the process and delivers actionable results.
Ready to give it a try? Install vuln-checker today with pip install vuln-checker, grab your NVD API key, and start securing your software. For more details, check out the PyPI page or the GitHub repository.
Stay proactive, stay secure!